Hetzner has been mentioned a few times in the past on the forum. Because of their policy of filtering MAC addresses and only allowing the external interface’s MAC address, you cannot bridge onto the external interface.
Instead try removing the br0 bridge and using the routed NIC type to pass the additional IP you’ve been allocated into the container, while still using the host’s MAC address externally.
See How to get LXD containers get IP from the LAN with routed network
and https://linuxcontainers.org/lxd/docs/master/instances#nic-routed